U.S. probes hack of personal data on Michelle Obama, Beyonce, others

WASHINGTON (Reuters) - The FBI and other U.S. agencies said on Tuesday they were investigating a website that posted financial and personal information about first lady Michelle Obama, Vice President Joe Biden, and other government figures as well as celebrities including singers Beyonce and Jay-Z.

Some of the information was fraudulently obtained via a commonly used website for consumer credit reports, according to Equifax Inc, which said it was launching its own internal investigation.

It was unclear how much of the data, which first appeared on the website www.exposed.su on Monday, was accurate or who posted it.

The site listed social security numbers, telephone numbers, addresses and credit reports purportedly belonging to 18 prominent Americans. At least some of the telephone numbers were inaccurate.

The website, whose first page portrayed a mysterious-looking woman wearing heavy eye make-up with one finger over her lips, was still accessible on Tuesday although some links relating to individuals could not be opened.

Asked about the posting on Mrs Obama, Secret Service spokesman George Ogilvie said: “We are investigating the matter. Due to the ongoing investigation we can’t comment any further.” A Justice Department spokeswoman said the FBI was investigating.

Los Angeles Police Department spokeswoman Sara Faden said the department was also looking into the matter but said celebrities would have to file a police report to get their entry investigated.

It was not clear how many, if any, celebrities had filed a report. Faden said the entry of information purportedly on Police Chief Beck was being investigated.

Equifax, one of three main U.S. credit monitoring companies, said the information for four of the high-profile individuals was accessed through the annualcreditreport.com, a shared website also used by rivals TransUnion Corp and Experian PLC. It did not name the four individuals.

The company’s initial investigation found that the perpetrators had personal information on certain individuals, which allowed them to pass authentication steps, company spokesman Timothy Klein said.

“The fraudsters would have had to have a lot of information... this is pretty detailed stuff,” he said. Those responsible for the breach would have had to know about mortgages, car loans, or other credit accounts to get the reports, he added.

“DOXING”

Social security numbers, home addresses and other personal information can be used for identity theft or other illegitimate purposes such as stalking.

Equifax said it was working to fix the problem, which Klein said involved the credentials used by the free public service website that allows consumers to pick which of the three credit monitoring companies’ reports they want.

“We are actually taking the necessary steps to further improve and tighten the credentialing process,” Klein said.

Five reports from Equifax were linked on the website as of Tuesday afternoon and were for rapper Jay-Z, Holder, Schwarzenegger, Beck and former U.S. Vice President Al Gore.

Experian said it froze the credit files of those “victimized by this malicious attack” and was investigating what information may have been compromised.

It said it’s own systems had not been hacked. But it said in a statement: “Criminals accessed personal credential information through various outside sources, which provided them with sufficient information to illegally access a limited number of individual reports from some US credit reporting agencies.”

TransUnion said its systems had not been compromised. Representatives for Experian did not immediately respond to a request for comment.

The phone number given for Biden on the website turned out to be that of a store in Delaware, and one given for Kutcher was for a New York City accounting firm, raising questions about how much of the other information posted was accurate.

FBI spokeswoman Jenny Shearer said the website under investigation was an example of “doxing” in which someone creates a Web page with a list of personal information about a target.

“What we’ve seen on the website is an example of doxing, with pretty high profile individuals, celebrities and public figures,” Shearer said. “(It) doesn’t mean it’s true,” she added.

Publicists for several of the celebrities named on the website and contacted by Reuters declined to comment.

Reporting by Susan Heavey, Roberta Rampton and Steve Holland in Washington and Piya Sinha-Roy, Eric Kelsey and Alex Dobuzinskis in Los Angeles. Editing by David Storey